Re: limit sharing ability to certain users

2018-08-06 Thread Aki Tuomi
As Sami pointed out, I had the wrong syntax:

> close, but few typos. userdb should be:
>
> userdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/share.passwd
> }
>
> Sami

On 06.08.2018 22:52, Simeon Ott wrote:
> Thanks for the advice Aki
>
>> On 6 Aug 2018, at 07:26, Aki Tuomi > > wrote:
>>
>> userdb {
>>    driver = username_format=%Lu passwd-file
>>    args = /etc/dovecot/share.passwd
>> }
>
> Something is wrong with the suggested driver configuration – Leads to
> a fatal – I think there is missing a driver name.
> Any chance of doing this via LDAP attribute? 
>
> Here is my working config (without your suggestion):
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11 
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_verbose_passwords = plain
> debug_log_path = syslog
> disable_plaintext_auth = no
> info_log_path = syslog
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
> mail_debug = yes
> mail_gid = 5000
> mail_location = maildir:~/Maildir
> mail_plugins = zlib quota acl
> mail_uid = 5000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> namespace {
>   hidden = no
>   ignore_on_failure = no
>   inbox = no
>   list = children
>   location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u
>   prefix = shared/%%u/
>   separator = /
>   subscriptions = yes
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf
>   driver = ldap
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes
>   quota = maildir:User quota
>   quota_exceeded_message = 4.2.2 Mailbox full
>   quota_rule = *:storage=1G
>   quota_rule2 = INBOX.Trash:storage=+100M
>   quota_rule3 = INBOX.Spam:ignore
>   quota_warning = storage=95%% quota-warning 95 %u
>   sieve = ~/.dovecot.sieve
>   sieve_before = /var/lib/dovecot/sieve/default.sieve
>   sieve_dir = ~/sieve
>   sieve_max_actions = 32
>   sieve_max_redirects = 4
>   sieve_max_script_size = 1M
>   sieve_quota_max_scripts = 0
>   sieve_quota_max_storage = 0
> }
> protocols = " imap lmtp sieve pop3"
> service auth {
>   group = dovecot
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-master {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   user = dovecot
> }
> service lmtp {
>   unix_listener lmtp {
>     mode = 0666
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   inet_listener sieve_deprecated {
>     port = 2000
>   }
>   process_min_avail = 0
>   service_count = 1
>   vsz_limit = 64 M
> }
> ssl = no
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf
>   driver = ldap
> }
> protocol lmtp {
>   mail_plugins = zlib quota acl sieve
> }
> protocol lda {
>   auth_socket_path = /var/run/dovecot/auth-master
>   deliver_log_format = msgid=%m: %$
>   mail_plugins = zlib quota acl sieve
>   postmaster_address = postmas...@onnet.ch 
> }
> protocol imap {
>   mail_plugins = zlib quota acl imap_quota imap_acl
> }
> protocol sieve {
>   info_log_path = /var/log/sieve.log
>   log_path = /var/log/sieve.log
>   mail_max_userip_connections = 10
>   managesieve_implementation_string = Dovecot Pigeonhole
>   managesieve_logout_format = bytes=%i/%o
>   managesieve_max_compile_errors = 5
>   managesieve_max_line_length = 65536
> }
>
> Thanks in advance for your help



Re: limit sharing ability to certain users

2018-08-06 Thread Simeon Ott
Thanks for the advice Aki

> On 6 Aug 2018, at 07:26, Aki Tuomi  wrote:
> 
> userdb {
>driver = username_format=%Lu passwd-file
>args = /etc/dovecot/share.passwd
> }

Something is wrong with the suggested driver configuration – it leads to a
fatal error – I think a driver name is missing.
Any chance of doing this via LDAP attribute? 

Here is my working config (without your suggestion):
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11 
# Global settings of the posted configuration (authentication logging, mail
# location, plugins, ManageSieve capabilities).
# NOTE(review): the auth_debug*/auth_verbose* settings are troubleshooting aids.
# auth_debug_passwords = yes and auth_verbose_passwords = plain make Dovecot
# write attempted passwords to the log (syslog here). Switch them off once
# debugging is finished and treat logs collected meanwhile as sensitive.
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = syslog
# NOTE(review): "no" accepts PLAIN/LOGIN on connections without TLS. This
# listing also sets ssl = no, so credentials cross the network in cleartext.
disable_plaintext_auth = no
info_log_path = syslog
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_gid = 5000
mail_location = maildir:~/Maildir
# The acl plugin is loaded globally; the shared namespace and the plugin {}
# acl settings further down depend on it.
mail_plugins = zlib quota acl
mail_uid = 5000
managesieve_notify_capability = mailto
# The next three lines are one setting, wrapped by the mail client.
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
# Shared namespace: other users' mailboxes appear under shared/<owner>/.
# In the location, %%h and %%u refer to the owner of the shared mailbox, while
# %h is the home of the user who is accessing it, so INDEX and CONTROL files
# are kept in the accessing user's own home.
namespace {
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = children
  location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
# Private namespace holding each user's own INBOX and special-use folders.
# The indentation of the nested mailbox settings was lost when the message was
# posted; the settings themselves are as sent.
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Spam {
auto = subscribe
special_use = \Junk
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
# Passwords are verified against LDAP; the connection and bind details live in
# the referenced file, which is not part of this listing.
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
# Plugin settings for ACL, quota and Sieve.
plugin {
  # ACLs are stored in per-mailbox files (vfile backend).
  acl = vfile
  # Dictionary recording which mailboxes have been shared to whom.
  # NOTE(review): the file sits under the Postfix spool directory; confirm that
  # only the mail user can write to it.
  acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes
  quota = maildir:User quota
  quota_exceeded_message = 4.2.2 Mailbox full
  quota_rule = *:storage=1G
  quota_rule2 = INBOX.Trash:storage=+100M
  quota_rule3 = INBOX.Spam:ignore
  # %% is a literal percent sign; %u is the user name passed to the
  # quota-warning service.
  quota_warning = storage=95%% quota-warning 95 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_max_actions = 32
  sieve_max_redirects = 4
  sieve_max_script_size = 1M
  # 0 means no limit on the number of scripts or on their total size.
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 0
}
# NOTE(review): with ssl = no elsewhere in this listing, the imap, pop3 and
# sieve logins offered here are not encrypted.
protocols = " imap lmtp sieve pop3"
# Service definitions: authentication sockets, the LMTP socket and the
# ManageSieve login listeners. Nested indentation was lost when the message
# was posted.
service auth {
  group = dovecot
  # Presumably the socket Postfix uses for SASL authentication.
  # NOTE(review): mode 0666 leaves access control to the permissions of the
  # containing directory. As user and group are already set to postfix, 0660
  # would be tighter — confirm Postfix still connects.
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  # protocol lda in this listing points auth_socket_path at auth-master.
  # NOTE(review): 0666 makes the socket reachable by every local account. It is
  # already owned by vmail, so a mode such as 0600 would normally be enough —
  # verify against the delivery setup.
  unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
  }
  # NOTE(review): also world-accessible. What an unrelated local uid can learn
  # through it depends on Dovecot's own checks for this version — confirm.
  unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
  }
  user = dovecot
}
service lmtp {
  # NOTE(review): LMTP has no authentication of its own, so with 0666 any local
  # account that can reach the socket path can hand in mail for delivery.
  unix_listener lmtp {
mode = 0666
  }
}
# ManageSieve listens on 4190 and on the older port 2000.
# NOTE(review): with ssl = no these logins are not encrypted either.
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  inet_listener sieve_deprecated {
port = 2000
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
# NOTE(review): TLS is switched off for every protocol. Together with
# disable_plaintext_auth = no and auth_mechanisms = plain login, passwords and
# mail content are sent unencrypted. Enabling TLS is the usual remedy — confirm
# whether this host sits behind a TLS-terminating proxy.
ssl = no
# User lookups use the same LDAP configuration file as the passdb.
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
# Per-protocol overrides of mail_plugins. Each list replaces the global one,
# so acl and quota are repeated wherever they are needed.
protocol lmtp {
  mail_plugins = zlib quota acl sieve
}
protocol lda {
  # The LDA does its user lookups through the auth-master socket defined in
  # service auth.
  auth_socket_path = /var/run/dovecot/auth-master
  deliver_log_format = msgid=%m: %$
  mail_plugins = zlib quota acl sieve
  # Address obfuscated by the list archive.
  postmaster_address = postmas...@onnet.ch
}
protocol imap {
  mail_plugins = zlib quota acl imap_quota imap_acl
}
protocol sieve {
  info_log_path = /var/log/sieve.log
  log_path = /var/log/sieve.log
  mail_max_userip_connections = 10
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 65536
}

Thanks in advance for your help



Re: AW: 2.3.2.1 - relay to lmtps from other lan host

2018-08-06 Thread ѽ҉ᶬḳ℠
Got it working. The error (TLS handshake failed: The TLS connection was
non-properly terminated) seems to be caused by [ msmtp ] not supporting
EC certificates.

> Right, now I got then
>
>> service lmtp {
>>   unix_listener lmtp {
>>     #mode = 0666
>>   }
>>
>>   inet_listener lmtp {
>>  address = 172.24.109.6
>>     port = 24
>>   }
>> }
> and [ msmtp ] is connecting indeed. Does TLS/STARTTLS need to be added
> to [ inet_listener lmtp ] in order to facilitate [ lmptps ]? If so what
> is the syntax?
>
> Right now this error comes up:
>
>> msmtp: TLS handshake failed: The TLS connection was non-properly
>> terminated.
>> So what should be listening on port 262? Unix sockets are not tcp ports.
>> You have lmtp as unix socket configured but want to access from remote via 
>> tcp socket? I think you need inet_listener instead of unix_ listener
>>
>>> looked into the [ dovecot wiki ] but a search for [ lmtps ] came up
>>> empty and thus hoping to get some assistance here.
>>>
>>> I am trying to relay with [ msmtp ] via [ lmtps ] from a lan host other
>>> than [ dovecot ] is running on.
>>>
>>> [ dovecot config ]
>>>
 service lmtp {
   unix_listener lmtp {
     #mode = 0666
   }
>>> [ ss -wxl | grep lmtp ]
 u_strLISTEN 0  100    /var/run/dovecot/lmtp 68262   * 0
>>> So far so good. Now from the other lan host -> [ msmtp --serverinfo
>>> --tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
>>> ] produces:
>>>
 msmtp: cannot connect to 172.24.109.6, port 262: Connection refused
>




Re: AW: 2.3.2.1 - relay to lmtps from other lan host

2018-08-06 Thread ѽ҉ᶬḳ℠
Right, now I have this:

> service lmtp {
>   unix_listener lmtp {
>     #mode = 0666
>   }
>
>   inet_listener lmtp {
>  address = 172.24.109.6
>     port = 24
>   }
> }

and [ msmtp ] is indeed connecting. Does TLS/STARTTLS need to be added
to [ inet_listener lmtp ] in order to facilitate [ lmtps ]? If so, what
is the syntax?

Right now this error comes up:

> msmtp: TLS handshake failed: The TLS connection was non-properly
> terminated.

> So what should be listening on port 262? Unix sockets are not tcp ports.
> You have lmtp as unix socket configured but want to access from remote via 
> tcp socket? I think you need inet_listener instead of unix_ listener
>
>> looked into the [ dovecot wiki ] but a search for [ lmtps ] came up
>> empty and thus hoping to get some assistance here.
>>
>> I am trying to relay with [ msmtp ] via [ lmtps ] from a lan host other
>> than [ dovecot ] is running on.
>>
>> [ dovecot config ]
>>
>>> service lmtp {
>>>   unix_listener lmtp {
>>>     #mode = 0666
>>>   }
>> [ ss -wxl | grep lmtp ]
>>> u_strLISTEN 0  100    /var/run/dovecot/lmtp 68262   * 0
>> So far so good. Now from the other lan host -> [ msmtp --serverinfo
>> --tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
>> ] produces:
>>
>>> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused
>>




Re: limit sharing ability to certain users

2018-08-06 Thread Sami Ketola


> On 6 Aug 2018, at 8.26, Aki Tuomi  wrote:
> 
> You could do
> 
> userdb {
>driver = username_format=%Lu passwd-file
>args = /etc/dovecot/share.passwd
> }
> 
> #  /etc/dovecot/share.passwd
> t...@onnet.ch ::: 
> userdb_acl=vfile:/etc/dovecot/dovecot-acl userdb_acl_globals_only = yes
> 
> should prevent the user from modifying any ACL files. 
> 

Close, but a few typos. The userdb should be:

# driver takes only the driver name (passwd-file). username_format=%Lu is an
# option of that driver, so it goes in args, ahead of the file path.
# NOTE(review): this file decides which users receive the ACL restriction
# discussed in the thread, so it should be writable by the administrator only.
userdb {
  driver = passwd-file
  args = username_format=%Lu /etc/dovecot/share.passwd
}

Sami




Re: 2.3.2.1 - relay to lmtps from other lan host

2018-08-06 Thread Aki Tuomi
So what should be listening on port 262? Unix sockets are not tcp ports.


---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: ѽ҉ᶬḳ℠
Date: 06/08/2018 21:14 (GMT+02:00)
To: dovecot
Subject: 2.3.2.1 - relay to lmtps from other lan host

Hi,

looked into the [ dovecot wiki ] but a search for [ lmtps ] came up
empty and thus hoping to get some assistance here.

I am trying to relay with [ msmtp ] via [ lmtps ] from a lan host other
than [ dovecot ] is running on.

[ dovecot config ]

> service lmtp {
>   unix_listener lmtp {
>     #mode = 0666
>   }

[ ss -wxl | grep lmtp ]
> u_strLISTEN 0  100    /var/run/dovecot/lmtp 68262   * 0

So far so good. Now from the other lan host -> [ msmtp --serverinfo
--tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
] produces:

> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused




AW: 2.3.2.1 - relay to lmtps from other lan host

2018-08-06 Thread Tobi
You have lmtp configured as a unix socket but want to access it remotely via a
tcp socket? I think you need inet_listener instead of unix_listener

- Originale Nachricht -
Von: "ѽ҉ᶬḳ℠" 
Gesendet: 06.08.18 - 20:14
An: dovecot 
Betreff: 2.3.2.1 - relay to lmtps from other lan host

> Hi,
> 
> looked into the [ dovecot wiki ] but a search for [ lmtps ] came up
> empty and thus hoping to get some assistance here.
> 
> I am trying to relay with [ msmtp ] via [ lmtps ] from a lan host other
> than [ dovecot ] is running on.
> 
> [ dovecot config ]
> 
>> service lmtp {
>>   unix_listener lmtp {
>>     #mode = 0666
>>   }
> 
> [ ss -wxl | grep lmtp ]
>> u_strLISTEN 0  100    /var/run/dovecot/lmtp 68262   * 0
> 
> So far so good. Now from the other lan host -> [ msmtp --serverinfo
> --tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
> ] produces:
> 
>> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused
> 
> 



AW: 2.3.2.1 - relay to lmtps from other lan host

2018-08-06 Thread Tobi
You have lmtp configured as a unix socket but want to access it remotely via a
tcp socket? I think you need inet_listener instead of unix_listener

- Originale Nachricht -
Von: "ѽ҉ᶬḳ℠" 
Gesendet: 06.08.18 - 20:14
An: dovecot 
Betreff: 2.3.2.1 - relay to lmtps from other lan host

> Hi,
> 
> looked into the [ dovecot wiki ] but a search for [ lmtps ] came up
> empty and thus hoping to get some assistance here.
> 
> I am trying to relay with [ msmtp ] via [ lmtps ] from a lan host other
> than [ dovecot ] is running on.
> 
> [ dovecot config ]
> 
>> service lmtp {
>>   unix_listener lmtp {
>>     #mode = 0666
>>   }
> 
> [ ss -wxl | grep lmtp ]
>> u_strLISTEN 0  100    /var/run/dovecot/lmtp 68262   * 0
> 
> So far so good. Now from the other lan host -> [ msmtp --serverinfo
> --tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
> ] produces:
> 
>> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused
> 
> 



2.3.2.1 - relay to lmtps from other lan host

2018-08-06 Thread ѽ҉ᶬḳ℠
Hi,

looked into the [ dovecot wiki ] but a search for [ lmtps ] came up
empty and thus hoping to get some assistance here.

I am trying to relay with [ msmtp ] via [ lmtps ] from a lan host other
than [ dovecot ] is running on.

[ dovecot config ]

> service lmtp {
>   unix_listener lmtp {
>     #mode = 0666
>   }

[ ss -wxl | grep lmtp ]
> u_strLISTEN 0  100    /var/run/dovecot/lmtp 68262   * 0

So far so good. Now from the other lan host -> [ msmtp --serverinfo
--tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
] produces:

> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused




Re: dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve"

2018-08-06 Thread Aki Tuomi
Hi!

Thank you for reporting this, we'll take a look at this.

Aki


On 06.08.2018 02:23, Tony wrote:
> Hi,
>
> Currently using dovecot 2.3.2.1 and pigeonhole 0.5.2 on two identical
> hosts. I recently noticed ".dovecot.sieve" and
> ".sieve/managesieve.sieve" are not replicating from one host to the
> other in either direction. Mail is having no trouble replicating on
> both hosts with dsync, it is only sieve files that are not replicating
> for unclear reasons.
>
> # doveconf -n
> host 1: https://ptpb.pw/njs3
> host 2: https://ptpb.pw/KsfK
>
> If I enable sieve debug logs I don't see anything that would cause
> alarm. The error logs are also not reporting any trouble. I have
> tested creating filters in Roundcube which is hosted from host1. This
> creates the sieve files as expected, but the same sieve files do not
> replicate to host2. When using Sieve with Thunderbird if the sieve
> files are created on host1 or host2, these are not replicating with
> dsync. So it does not seem to matter if the sieve files are created on
> either host and with any mail client, they just do not replicate at all.
>
> # host1
> stat /home/vmail/example.email/user\@example.email/.dovecot.sieve
>   File: /home/vmail/example.email/user@example.email/.dovecot.sieve ->
> .sieve/managesieve.sieve
>   Size: 24    Blocks: 0  IO Block: 4096   symbolic link
> Device: 800h/2048d    Inode: 596605  Links: 1
> Access: (0777/lrwxrwxrwx)  Uid: ( 5000/   vmail)   Gid: ( 5000/   vmail)
> Access: 2018-08-05 15:24:41.351827516 -0700
> Modify: 2018-08-05 15:24:41.351827516 -0700
> Change: 2018-08-05 15:24:41.351827516 -0700
>  Birth: -
>
> stat
> /home/vmail/example.email/user\@example.email/.sieve/managesieve.sieve
>   File:
> /home/vmail/example.email/user@example.email/.sieve/managesieve.sieve
>   Size: 65    Blocks: 8  IO Block: 4096   regular file
> Device: 800h/2048d    Inode: 1657978 Links: 1
> Access: (0600/-rw---)  Uid: ( 5000/   vmail)   Gid: ( 5000/   vmail)
> Access: 2018-08-05 15:27:30.034984088 -0700
> Modify: 2018-08-05 15:27:30.034984088 -0700
> Change: 2018-08-05 15:27:30.034984088 -0700
>  Birth: -
>
> # host2
> stat /home/vmail/example.email/user\@example.email/.dovecot.sieve
>   File: /home/vmail/example.email/user@example.email/.dovecot.sieve ->
> .sieve/managesieve.sieve
>   Size: 24    Blocks: 0  IO Block: 4096   symbolic link
> Device: fe03h/65027d    Inode: 787482  Links: 1
> Access: (0777/lrwxrwxrwx)  Uid: ( 5000/   vmail)   Gid: ( 5000/   vmail)
> Access: 2018-08-05 16:10:54.832151815 -0700
> Modify: 2018-08-05 16:10:54.815484905 -0700
> Change: 2018-08-05 16:10:54.815484905 -0700
>  Birth: -
>
> stat
> /home/vmail/example.email/user\@example.email/.sieve/managesieve.sieve
>   File:
> /home/vmail/example.email/user@example.email/.sieve/managesieve.sieve
>   Size: 18    Blocks: 8  IO Block: 4096   regular file
> Device: fe03h/65027d    Inode: 786938  Links: 1
> Access: (0600/-rw---)  Uid: ( 5000/   vmail)   Gid: ( 5000/   vmail)
> Access: 2018-08-05 16:10:54.815484905 -0700
> Modify: 2018-08-05 16:10:49.818745528 -0700
> Change: 2018-08-05 16:10:49.822078910 -0700
>  Birth: -
>
> Here is the Maildir tree view.
>
> tree -a /home/vmail/example.email/user\@example.email/
> /home/vmail/example.email/user@example.email/
> ├── .dovecot.sieve -> .sieve/managesieve.sieve
> ├── Maildir
> │   ├── .Archive
> │   │   ├── cur
> │   │   ├── dovecot.index.log
> │   │   ├── dovecot-uidlist
> │   │   ├── maildirfolder
> │   │   ├── new
> │   │   └── tmp
> │   ├── cur
> │   │   ├── 1531611877.M860311P418538.mail,S=5999,W=6167:2,RS
> │   │   ├── 1531624146.M201381P535494.mail,S=2133,W=2184:2,S
> │   │   ├── 1533194577.M483202P864896.mail,S=6117,W=6393:2,S
> │   │   └── 1533195582.M123163P877084.mail,S=1739,W=1786:2,S
> │   ├── dovecot.index
> │   ├── dovecot.index.cache
> │   ├── dovecot.index.log
> │   ├── dovecot-keywords
> │   ├── dovecot.list.index
> │   ├── dovecot.list.index.log
> │   ├── dovecot.mailbox.log
> │   ├── dovecot-uidlist
> │   ├── dovecot-uidvalidity
> │   ├── dovecot-uidvalidity.5b4a79b5
> │   ├── .Drafts
> │   │   ├── cur
> │   │   ├── dovecot.index.log
> │   │   ├── dovecot-uidlist
> │   │   ├── maildirfolder
> │   │   ├── new
> │   │   └── tmp
> │   ├── maildirsize
> │   ├── new
> │   ├── .Sent
> │   │   ├── cur
> │   │   │   ├── 1531611855.M403833P418688.mail,S=3510,W=3623:2,S
> │   │   │   └── 1531624037.M238133P535494.mail,S=436,W=451:2,S
> │   │   ├── dovecot.index.cache
> │   │   ├── dovecot.index.log
> │   │   ├── dovecot-uidlist
> │   │   ├── maildirfolder
> │   │   ├── new
> │   │   └── tmp
> │   ├── .Sent Messages
> │   │   ├── cur
> │   │   ├── dovecot.index.log
> │   │   ├── dovecot-uidlist
> │   │   ├── maildirfolder
> │   │   ├── new
> │   │   └── tmp
> │   ├── .Spam
> │   │   ├── cur
> │   │   ├── dovecot.index.cache
> │   │   ├── dovecot.index.log
> │   │   ├── dovecot-uidlist
> │   │   ├── maildirfolder
> │   │